21 Jun 2024

Booking.com warns of up to 900 percent increase in travel scams

6:04 am on 21 June 2024
Marnie Wilking, the chief information security officer of Booking.com is photographed during an interview at Collision 2024 in Torontoon June 18, 2024. As travellers rush to book their summer getaways, Booking.com's internet safety boss says watch out for supercharged AI scams. Marnie Wilking, Chief Information Security Officer at the Netherlands-based travel giant, said generative AI had sparked an explosion in online phishing scams, and that the hospitality industry, long spared, had also become a target. (Photo by Cole BURSTON / AFP)

Marnie Wilking, the chief information security officer of Booking.com is warning about a marked increase in phishing and other scams. Photo: Cole Burston/AFP

By Tom Gerken, BBC technology reporter

Booking.com is warning artificial intelligence (AI) is driving an explosion in travel scams.

The firm's internet safety boss, Marnie Wilking, said there had been "anywhere from a 500 to a 900 percent increase" in the past 18 months.

She said there had been a particularly marked increase in phishing - where people are tricked into handing over their financial details - since generative AI tools like ChatGPT burst onto the market.

"Of course, we've had phishing since the dawn of email, but the uptick started shortly after ChatGPT got launched," she said.

"The attackers are definitely using AI to launch attacks that mimic emails far better than anything that they've done to date," she said.

Phishing attacks often try to convince people to hand over their card details through by sending them fake - but very convincing looking - internet booking links.

Scammers often target websites like Booking.com and Airbnb because they allow people to list their own places to stay.

After someone pays up, the scammers either vanish without a trace - leaving the buyer without a place to stay - or even try to scam them out of more money through follow-up messages.

These sorts of scams have been around for decades, though they often come with telltale signs of fraud, such as spelling mistakes and grammatical errors.

But - speaking at the Collision technology conference in Toronto - Wilking said AI was making them harder to detect because it could generate realistic images and much more accurate text, in multiple languages.

She is calling for hotels and travellers to use two-factor authentication - it involves an additional security check, such as inputting a code sent to you phone - calling it "the best way to combat phishing and credential stealing".

She also urged people to more vigilant than before when clicking on links.

But despite criticising how scammers were using AI, she said the technology was also allowing Booking.com to rapidly remove fake hotels which tried to scam people.

"We've set up AI models to detect those and either block them from getting on there to begin or take it down before there's any booking," she said.

Jane Hawkes, a consumer expert specialising in the travel industry, said travel providers should "step up efforts" to make people aware of the scams.

"They also have a responsibility to advise travellers ways to minimise the risk of being scammed," she said.

But she said people should do their research "with due diligence" to avoid falling for them in the first place.

"Check that contact details are readily available on websites and that there is a telephone number - many scam sites purposely don't have one," she said.

She also recommended booking package holidays, rather than booking flights and accommodation separately, and to use a credit card to maximise how much you are protected.

- BBC

Get the RNZ app

for ad-free news and current affairs